Closed Bug 243269 Opened 20 years ago Closed 20 years ago

crash if reloading while logged into gmail account

Categories: SeaMonkey :: General
Type: defect
Priority: Not set
Severity: critical
Tracking: Not tracked

VERIFIED DUPLICATE of bug 244178

People: Reporter: bogdan.stroe; Assignee: Unassigned


Keywords: crash, qawanted, top100

Reproducible: Always

Steps to reproduce:
1 Log into GMail account
2 Try to reload the page (F5 or reload button)

Talkback didn't start. I tried a couple of times and Windows reports crashes in
different places:
AppName: mozilla.exe	 AppVer: 1.8.20040.51009	 ModName: ntdll.dll
ModVer: 5.1.2600.1106	 Offset: 00002a84

AppName: mozilla.exe	 AppVer: 1.8.20040.51009	 ModName: xpcom.dll
ModVer: 1.8.20040.51009	 Offset: 0003d6cd

AppName: mozilla.exe	 AppVer: 1.8.20040.51009	 ModName: msvcrt.dll
ModVer: 7.0.2600.1106	 Offset: 00032fc6
Keywords: crash
Bogdan: Try to shut down Mozilla, delete file components/compreg.dat in Mozilla
directory and try to reproduce again. Furthermore, please provide your Mozilla
version and build ID.
From his report it looks like he's using:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040510
(In reply to comment #2)
> From his report it looks like he's using:
> 
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040510
Exactly!
I'll test if compreg.dat is the cause of this later today.

I also crash on gmail; I can't even log in at all.

This worked:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040510
Firefox/0.8.0+

This doesn't:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a) Gecko/20040512
Firefox/0.8.0+
Using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a) Gecko/20040513
Firefox/0.8.0+, I crashed while logging into Gmail. After entering my username
and password, I pressed the "Sign in" button, and Firefox thought about
something for a second (and probably fetched some data) and crashed.

I tried it again and it worked. Haven't been able to reproduce.

Adding top100 keyword so this gets some attention. This may not be a top100 site
yet, but it certainly will be so we should iron out kinks preferably before it
goes live to the public.
Keywords: top100
OS: Windows XP → All
Hardware: PC → All
Keywords: qawanted
Now I can reproduce. It appears that certain accounts trigger this. If I log in
with my account, it works fine. If I log in with my fiancee's account, it crashes
on Sign in.

This is all on Linux. I haven't been able to reproduce any crashes on Windows
yet (both accounts seem to work okay).
Could be wrong, but here's the crash I just triggered at gmail forcing a reload

 	ntdll.dll!RtlSizeHeap()  + 0x5ef
 	ntdll.dll!LdrGetDllHandle()  + 0x557
 	ntdll.dll!RtlAllocateHeap()  + 0x5df
 	msvcr71.dll!_heap_alloc(unsigned int size=0x00000038)  Line 212	C
 	msvcr71.dll!_nh_malloc(unsigned int size=0x00000038, int nhFlag=0x00000000)  Line 113	C
 	msvcr71.dll!malloc(unsigned int size=0x00000038)  Line 54 + 0xf	C
>	js3250.dll!JS_malloc(JSContext * cx=0x02a77820, unsigned int nbytes=0x00000038)  Line 1463 + 0xa	C
 	js3250.dll!js_NewScope(JSContext * cx=0x02a77820, long nrefs=0x00000000, JSObjectOps * ops=0x0108b6c0, JSClass * clasp=0x01088350, JSObject * obj=0x0497f948)  Line 140 + 0xb	C
 	js3250.dll!js_GetMutableScope(JSContext * cx=0x02a77820, JSObject * obj=0x0497f948)  Line 71 + 0x23	C
 	js3250.dll!js_DefineNativeProperty(JSContext * cx=0x02a77820, JSObject * obj=0x0497f948, long id=0x00e11740, long value=0x00000001, int (JSContext *, JSObject *, long, long *)* getter=0x0101acb0, int (JSContext *, JSObject *, long, long *)* setter=0x0101ad30, unsigned int attrs=0x00000004, unsigned int flags=0x00000000, int shortid=0x00000000, JSProperty * * propp=0x00000000)  Line 2347 + 0xd	C
 	js3250.dll!js_DefineProperty(JSContext * cx=0x02a77820, JSObject * obj=0x0497f948, long id=0x00e11740, long value=0x00000001, int (JSContext *, JSObject *, long, long *)* getter=0x0101acb0, int (JSContext *, JSObject *, long, long *)* setter=0x0101ad30, unsigned int attrs=0x00000004, JSProperty * * propp=0x00000000)  Line 2271 + 0x29	C
 	js3250.dll!InitArrayObject(JSContext * cx=0x02a77820, JSObject * obj=0x0497f948, unsigned long length=0x00000000, long * vector=0x00000000)  Line 557 + 0x29	C
 	js3250.dll!js_NewArrayObject(JSContext * cx=0x02a77820, unsigned long length=0x00000000, long * vector=0x00000000)  Line 1424 + 0x15	C
 	js3250.dll!js_ExecuteRegExp(JSContext * cx=0x02a77820, JSRegExp * re=0x020c36e8, JSString * str=0x02fb1e90, unsigned int * indexp=0x00126f64, int test=0x00000000, long * rval=0x00127030)  Line 2961 + 0xd	C
 	js3250.dll!match_or_replace(JSContext * cx=0x02a77820, JSObject * obj=0x0497f940, unsigned int argc=0x00000001, long * argv=0x0491f510, int (JSContext *, long, GlobData *)* glob=0x010788b0, GlobData * data=0x00126f98, long * rval=0x00127030)  Line 1190 + 0x1d	C
 	js3250.dll!str_match(JSContext * cx=0x02a77820, JSObject * obj=0x0497f940, unsigned int argc=0x00000001, long * argv=0x0491f510, long * rval=0x00127030)  Line 1244 + 0x22	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a77820, unsigned int argc=0x00000001, unsigned int flags=0x00000000)  Line 1281 + 0x20	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a77820, long * result=0x001278ac)  Line 3370 + 0xf	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a77820, unsigned int argc=0x00000002, unsigned int flags=0x00000000)  Line 1301 + 0xd	C
 	js3250.dll!js_Interpret(JSContext * cx=0x02a77820, long * result=0x001280a4)  Line 3370 + 0xf	C
 	js3250.dll!js_Invoke(JSContext * cx=0x02a77820, unsigned int argc=0x00000001, unsigned int flags=0x00000002)  Line 1301 + 0xd	C
 	xpc3250.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper=0x03d7b1c8, unsigned short methodIndex=0x0003, const nsXPTMethodInfo * info=0x02bc5118, nsXPTCMiniVariant * nativeParams=0x001283b0)  Line 1336 + 0x14	C++

looks like corrupted heap. but regexp stuff is on the stack, which could be
telltale.

note that my mozilla cried out for help a bit earlier:
Error: Object is not defined
Source File: http://gmail.google.com/gmail?view=page&name=js&ver=7ec81f32c9bb9431
Line: 3

The regexp bit reminds me of a bug brendan was going to fix.

this is a cvs build from last night using vc7.1 with aaronl's mouse breaking
patch reverted (and my usual series of random changes).
(In reply to comment #6)
> This is all on Linux. I haven't been able to reproduce any crashes on Windows
> yet (both accounts seem to work okay).

Windows has joined in the crashing fun too now!
timeless: what regexp bug?  If you mean the UMR crash bug 243389, I doubt that
is involved here.  In that bug, the regexp source was malformed, and the crash
was not due to heap corruption.

This could be anything.  Purify and valgrind are good, but heavyweight.  If you
have more skidmarks, in particular some notion from the malloc implementation of
what is corrupted, or just a dump of memory from the heap, that might help.  It
would be painful fun to reconstruct what was allocated.  Enabling trace-malloc
might let us find the stacks of who allocated what, though.

/be
yeah that bug.

i've tried tracerefcnt; the logs flooded my system and mozilla didn't crash. but
that was a different gmail crasher. i could try tracemalloc, but i can't imagine
having much better luck.

atm purify + mozilla refuse to crash for bz's other dom crash. i can't seem to
find the crash referenced here among my dead geckos, it must have been closed...
i have three other dead geckos...

i'm also out of playtime for a while. hopefully my stuff will arrive this
weekend and my work tasks will lighten up.
Did I say to log refcounts?  No.

The idea is to be able to look at the heap and see who allocated chunks around
the corruption, and containing the corruption.

/be
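The approach described in the two comments above (record who allocated each chunk so that, once corruption is found, the block containing it and its neighbours can be named) can be shown in miniature. The following is an added illustration written for this page; it is not code from this bug, from Mozilla's trace-malloc, or from SpiderMonkey. It assumes a canary-guarded header per block and uses a constructed string label where a real tracer would capture a stack; the three site labels and the one-byte overrun in demo_overrun are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example of a tracing allocator: every block carries a header
 * with its size, an allocation-site label and a front canary, plus a trailing
 * canary after the user bytes. A small registry remembers live blocks so that,
 * when a canary is found damaged, the block containing the damage and its
 * nearest live neighbours by address can be named. A real tracer (trace-malloc)
 * records full allocation stacks; a string label stands in for that here. */

#define TM_CANARY     0xC0DEC0DEu
#define TM_MAX_BLOCKS 64

typedef struct {
    uint32_t    front;   /* canary guarding the header/user-data boundary */
    size_t      size;    /* user-visible size */
    const char *site;    /* who allocated it (stands in for a captured stack) */
} tm_hdr;

static tm_hdr *tm_live[TM_MAX_BLOCKS];
static int     tm_nlive;

static char *tm_user(tm_hdr *h) { return (char *)(h + 1); }

/* The trailing canary is not necessarily aligned, so it goes through memcpy. */
static void tm_put_tail(tm_hdr *h) { uint32_t c = TM_CANARY; memcpy(tm_user(h) + h->size, &c, sizeof c); }
static int  tm_tail_ok(tm_hdr *h)  { uint32_t c; memcpy(&c, tm_user(h) + h->size, sizeof c); return c == TM_CANARY; }

void *tm_alloc(size_t size, const char *site) {
    if (tm_nlive == TM_MAX_BLOCKS) return NULL;
    tm_hdr *h = malloc(sizeof *h + size + sizeof(uint32_t));
    if (!h) return NULL;
    h->front = TM_CANARY; h->size = size; h->site = site;
    tm_put_tail(h);
    tm_live[tm_nlive++] = h;
    return tm_user(h);
}

void tm_free(void *p) {
    if (!p) return;
    tm_hdr *h = (tm_hdr *)p - 1;
    for (int i = 0; i < tm_nlive; i++)
        if (tm_live[i] == h) { tm_live[i] = tm_live[--tm_nlive]; break; }
    free(h);
}

/* Site label of the live block whose span (header through tail canary) covers
 * addr, or NULL: the "which allocation contains the corruption" question. */
const char *tm_owner(const void *addr) {
    uintptr_t a = (uintptr_t)addr;
    for (int i = 0; i < tm_nlive; i++) {
        uintptr_t lo = (uintptr_t)tm_live[i];
        uintptr_t hi = (uintptr_t)(tm_user(tm_live[i]) + tm_live[i]->size + sizeof(uint32_t));
        if (a >= lo && a < hi) return tm_live[i]->site;
    }
    return NULL;
}

typedef struct {
    const char *inside;  /* block whose canary is damaged */
    const char *before;  /* nearest live block at a lower address, or NULL */
    const char *after;   /* nearest live block at a higher address, or NULL */
} tm_report;

/* Walks the live blocks; returns how many have a damaged canary and describes
 * the first one found together with its address neighbours. */
int tm_check(tm_report *rep) {
    int bad = 0;
    if (rep) memset(rep, 0, sizeof *rep);
    for (int i = 0; i < tm_nlive; i++) {
        tm_hdr *h = tm_live[i];
        if (h->front == TM_CANARY && tm_tail_ok(h)) continue;
        if (bad++ == 0 && rep) {
            uintptr_t me = (uintptr_t)h;
            tm_hdr *lo = NULL, *hi = NULL;
            for (int j = 0; j < tm_nlive; j++) {
                uintptr_t o = (uintptr_t)tm_live[j];
                if (o < me && (!lo || o > (uintptr_t)lo)) lo = tm_live[j];
                if (o > me && (!hi || o < (uintptr_t)hi)) hi = tm_live[j];
            }
            rep->inside = h->site;
            rep->before = lo ? lo->site : NULL;
            rep->after  = hi ? hi->site : NULL;
        }
    }
    return bad;
}

/* Constructed scenario: three blocks, then a one-byte write past the end of the
 * middle one (an array-bounds write, the kind of bug the thread calls an ABW).
 * The stray byte lands on that block's own trailing canary, so the check can
 * name the block even though nothing else in the heap is touched. */
int demo_overrun(tm_report *rep) {
    char *a = tm_alloc(32, "demo: scope table");
    char *b = tm_alloc(16, "demo: match vector");
    char *c = tm_alloc(48, "demo: string buffer");
    memset(b, 'x', 16);
    b[16] = 0;                       /* off-by-one write */
    int bad = tm_check(rep);
    tm_free(a); tm_free(b); tm_free(c);
    return bad;
}

int main(void) {
    tm_report rep;
    int bad = demo_overrun(&rep);
    printf("%d damaged block(s); damage inside '%s' (before: %s, after: %s)\n",
           bad, rep.inside ? rep.inside : "-", rep.before ? rep.before : "-",
           rep.after ? rep.after : "-");
    return bad ? 1 : 0;
}
```

The neighbour labels depend on where malloc happens to place the three blocks, so only the containing block is stable across runs; in a real tracer the same lookup is done against the allocator's own chunk list with captured stacks, which is what makes reconstructing "who allocated what" around a corrupted address feasible.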
Depends on: 244178
I fixed an ABW in rogerl's big regexp redo yesterday, bug 243174.  Maybe that
was behind this crash?

/be
I'll see when a new nightly comes out, I guess. As it is, though, this is
definitely happening for me; I've submitted about 6 Talkbacks for it, all under
the name tmeader@gmail.com.

I'm using Firefox Windows 20040518 currently.
*** Bug 244214 has been marked as a duplicate of this bug. ***

*** This bug has been marked as a duplicate of 244178 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Product: Browser → Seamonkey